CVSS: 6.6, EPSS: 0%, CPEs: 8, EXPL: 0
CVE-2025-39970 – i40e: fix input validation logic for action_meta
https://notcve.org/view.php?id=CVE-2025-39970
15 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: i40e: fix input validation logic for action_meta Fix condition to check 'greater or equal' to prevent OOB dereference. Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the oldstable distribution (bookworm), these problems have been fixed in version 6.1.158-1. • https://git.kernel.org/stable/c/e284fc280473bed23f2e1ed324e102a48f7d17e1 •
CVSS: 5.5, EPSS: 0%, CPEs: 8, EXPL: 0
CVE-2025-39969 – i40e: fix validation of VF state in get resources
https://notcve.org/view.php?id=CVE-2025-39969
15 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: i40e: fix validation of VF state in get resources VF state I40E_VF_STATE_ACTIVE is not the only state in which VF is actually active so it should not be used to determine if a VF is allowed to obtain resources. Use I40E_VF_STATE_RESOURCES_LOADED that is set only in i40e_vc_get_vf_resources_msg() and cleared during reset. • https://git.kernel.org/stable/c/171527da84149c2c7aa6a60a64b09d24f3546298 •
CVSS: 7.1, EPSS: 0%, CPEs: 8, EXPL: 0
CVE-2025-39968 – i40e: add max boundary check for VF filters
https://notcve.org/view.php?id=CVE-2025-39968
15 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: i40e: add max boundary check for VF filters There is no check for max filters that VF can request. Add it. Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the oldstable distribution (bookworm), these problems have been fixed in version 6.1.158-1. • https://git.kernel.org/stable/c/e284fc280473bed23f2e1ed324e102a48f7d17e1 •
CVSS: 7.8, EPSS: 0%, CPEs: 13, EXPL: 0
CVE-2025-39967 – fbcon: fix integer overflow in fbcon_do_set_font
https://notcve.org/view.php?id=CVE-2025-39967
15 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: fbcon: fix integer overflow in fbcon_do_set_font Fix integer overflow vulnerabilities in fbcon_do_set_font() where font size calculations could overflow when handling user-controlled font parameters. The vulnerabilities occur when: 1. CALC_FONTSZ(h, pitch, charcount) performs h * pitch * charcount multiplication with user-controlled values that can overflow. 2. FONT_EXTRA_WORDS * sizeof(int) + size addition can also overflow 3. This results ... • https://git.kernel.org/stable/c/96e41fc29e8af5c5085fb8a79cab8d0d00bab86c •
CVSS: 7.3, EPSS: 0%, CPEs: 3, EXPL: 0
CVE-2025-39966 – iommufd: Fix race during abort for file descriptors
https://notcve.org/view.php?id=CVE-2025-39966
15 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix race during abort for file descriptors fput() doesn't actually call file_operations release() synchronously, it puts the file on a work queue and it will be released eventually. This is normally fine, except for iommufd the file and the iommufd_object are tied together. The file has the object as its private_data and holds a users refcount, while the object is expected to remain alive as long as the file is. When the allocati... • https://git.kernel.org/stable/c/07838f7fd529c8a6de44b601d4b7057e6c8d36ed •
CVSS: 6.4, EPSS: 0%, CPEs: 4, EXPL: 0
CVE-2025-39965 – xfrm: xfrm_alloc_spi shouldn't use 0 as SPI
https://notcve.org/view.php?id=CVE-2025-39965
13 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI x->id.spi == 0 means "no SPI assigned", but since commit 94f39804d891 ("xfrm: Duplicate SPI Handling"), we now create states and add them to the byspi list with this value. __xfrm_state_delete doesn't remove those states from the byspi list, since they shouldn't be there, and this shows up as a UAF the next time we go through the byspi list. • https://git.kernel.org/stable/c/3d8090bb53424432fa788fe9a49e8ceca74f0544 •
CVSS: 7.8, EPSS: 0%, CPEs: 7, EXPL: 0
CVE-2025-39964 – crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
https://notcve.org/view.php?id=CVE-2025-39964
13 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg Issuing two writes to the same af_alg socket is bogus as the data will be interleaved in an unpredictable fashion. Furthermore, concurrent writes may create inconsistencies in the internal socket state. Disallow this by adding a new ctx->write field that indicates exclusive ownership for writing. • https://git.kernel.org/stable/c/8ff590903d5fc7f5a0a988c38267a3d08e6393a2 •
CVSS: 7.1, EPSS: 0%, CPEs: 3, EXPL: 0
CVE-2025-39963 – io_uring: fix incorrect io_kiocb reference in io_link_skb
https://notcve.org/view.php?id=CVE-2025-39963
09 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: io_uring: fix incorrect io_kiocb reference in io_link_skb In io_link_skb function, there is a bug where prev_notif is incorrectly assigned using 'nd' instead of 'prev_nd'. This causes the context validation check to compare the current notification with itself instead of comparing it with the previous notification. Fix by using the correct prev_nd parameter when obtaining prev_notif. • https://git.kernel.org/stable/c/6fe4220912d19152a26ce19713ab232f4263018d •
CVSS: 7.8, EPSS: 0%, CPEs: 8, EXPL: 0
CVE-2025-39961 – iommu/amd/pgtbl: Fix possible race while increase page table level
https://notcve.org/view.php?id=CVE-2025-39961
09 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/amd/pgtbl: Fix possible race while increase page table level The AMD IOMMU host page table implementation supports dynamic page table levels (up to 6 levels), starting with a 3-level configuration that expands based on IOVA address. The kernel maintains a root pointer and current page table level to enable proper page table walks in alloc_pte()/fetch_pte() operations. The IOMMU IOVA allocator initially starts with 32-bit address and o... • https://git.kernel.org/stable/c/754265bcab78a9014f0f99cd35e0d610fcd7dfa7 •
CVSS: 7.1, EPSS: 0%, CPEs: 2, EXPL: 0
CVE-2025-39958 – iommu/s390: Make attach succeed when the device was surprise removed
https://notcve.org/view.php?id=CVE-2025-39958
09 Oct 2025 — In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Make attach succeed when the device was surprise removed When a PCI device is removed with surprise hotplug, there may still be attempts to attach the device to the default domain as part of tear down via (__iommu_release_dma_ownership()), or because the removal happens during probe (__iommu_probe_device()). In both cases zpci_register_ioat() fails with a cc value indicating that the device handle is invalid. This is because the... • https://git.kernel.org/stable/c/359613f2fa009587154511e4842e8ab9532edd15 •
